Thursday, March 13, 2014

RUCTF Quals 2014 - php - Web 100 Write-up

When we looked to this problem there is a text explaining the CTF concept and at the bottom:
Language was detect automatically :)
After that, i looked for files like this:
http://w1.quals.ructf.org/en
http://w1.quals.ructf.org/ru
so it was including the file appropriate to our language we can use this to include any file we wanted, but first we need to find how it detects our language. First we looked for a cookie, nah this was not the way. Then we looked for headers and saw a field named "Accept-Language". Then we tried a request like this with curl:

curl http://w1.quals.ructf.org/ -H"Accept-Language:/etc/passwd"
but we could not find the file which helds the flag so decided to try RFI and it was working too!
By the help of a script like this:
http://file.0xdeffbeef.com/web100siken.txt
we gathered the flag with this request:
$flag = '5cf27d9bad2fe9d96d2bcf25c3b0bd14';

No comments:

Post a Comment